Well, having migrated this blog over to its new Wordpress-based setup, I quickly discovered the downside to this arrangement: comment spam.
I never had any comment spam before. I don’t know whether the system I had before was just particularly resilient to spam (possibly because having the comments hosted externally from the blog itself was confusing to bots) or whether it was just unusual enough that nobody had bothered to write a bot for it. It may have been a combination of both. But whatever the reason, the only time I got comments I didn’t want, they were from real-life flesh-and-blood wankers rather than automated bots.
However, no sooner had I got my Wordpress installation set up than the comment spam began to trickle in. Just one every day or two to start with, but then suddenly a large stream of them started pouring in.
I managed to catch 95% of them by blacklisting the string “www.playlist.com/blog/entry/”. But this didn’t stop the comments being posted, just ensured that they were marked as spam and not displayed. I still had to go to the admin panel and delete all the spam every day or two. So I tried looking for a plug-in that would add a captcha or similar to the comments form. I know these aren’t usually completely reliable, but it would at least be worth a try.
In the end I installed a plug-in that supposedly stops bots from posting comments without needing a captcha, or indeed anything that is seen by users at all. It seems to be working so far; I haven’t received any more spam comments since installing it last night. I’ve also tried posting comments myself, both logged-in and anonymously and they still seem to work.
If one or two other people could post comments to confirm that everything is still working? Come to that, can those people who were checking this through the Atom or RSS feed also comment, so I can be sure they haven’t been stranded by the move? I think I set up the appropriate redirects, but it’s as well to be sure.
Testing testing 1 10 11
I thought Akismet was turned on by default in current versions of Wordpress? It’s what I run on my blog, and it catches probably 95% of spam completely, and lets 5% though into my “Pending” box, i.e. they require my approval before posting. I’ve never had a spam comment get through to the page without asking my approval first.
It’s installed but inactive by default. It requires a wordpress.com API key to function, so I think it’s only active by default for blogs that are hosted on wordpress.com. I might see about turning that on as well, but while spam getting marked as such and dumped into the spam folder is better than having it appear on the page, having a setup that stops bots from being able to post at all is even better. This one seems to be achieving that successfully so far.
Posting as requested, with a website and everything.
Damn spambots. I got craploads from a science site we set up, all complete nonsense and shortened URLs. Not even any amusing ones promising me an infeasibly large wang.
Incidentally, spam received since installing plugin: none.